Erman Arslan's Oracle Forum Database

TNS Poisoning Atack

classic Classic list List threaded Threaded
4 messages Options
manjini
Reply | Threaded
Open this post in threaded view
|

TNS Poisoning Atack

manjini
Hello Erman,

We have to find workaround for TNS poisoning without 12.2c upgrade , can you lead me to rigth document for 11.2.0.3 and 11.2.0.4 non rac  database.
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: TNS Poisoning Atack

ErmanArslansOracleBlog
Administrator
Hi,

You mean CVE-2012-1675, a vulnerability in the TNS listener which has been recently disclosed as "TNS Listener Poison Attack" affecting the Oracle Database Server.

Yes, I can lead you..

Did you check  my related posts?

https://ermanarslan.blogspot.com/2014/07/ebs-122-rdbms-listener-poisoning-oracle.html

https://ermanarslan.blogspot.com/2017/03/vncr-valid-node-checking-for.html
manjini
Reply | Threaded
Open this post in threaded view
|

Re: TNS Poisoning Atack

manjini
Thank you for help Erman,

What I did was;

for 11.2.0.3 databases I applied patch and vulnerability fixed.
for 11.2.0.4 databases I added a parameter to listener.ora which is "SECURE_REGISTER_LISTENER = (TCP)" and vulnerability fixed.
ErmanArslansOracleBlog
Reply | Threaded
Open this post in threaded view
|

Re: TNS Poisoning Atack

ErmanArslansOracleBlog
Administrator
Good then.
Free forum by Nabble Edit this page